I am being Port scanned all the time..what do I do?
Dedicated MacNNer
Join Date: Aug 2000
Location: Rep. of Ireland
Dec 17, 2005, 03:21 AM
 
I have NetBarrier on my G5 as a firewall and just the last day (and I have the app over a year) it has been sending me emails telling me that I am being port scanned with the following info as examples...
1)Date: 12/17/2005 00:08:16 Europe/Dublin +0000
Remote address: 219.72.238.135
Comments: Scan Port TCP port 1025

2)Remote address: 62.173.160.47
Comments: Scan Port TCP nameserver

3)Remote address: 222.240.249.203
Comments: Scan Port TCP Microsoft SQL Server

and there is six or seven more from the last day.
What does this mean exactly, is someone trying to hack into my computer (and for the life of me I can't think why!) or is this innocent enough.
Do I need to do something?
Thanks in advance
(Last edited by finknottle; Dec 17, 2005 at 05:25 AM. )
     
Mac Elite
Join Date: Jan 2003
Location: 127.0.0.1
Dec 17, 2005, 04:59 AM
 
You are being port scanned all of the time by Windows zombies. Ever notice why the activity light on your modem is always flickering, even when you're not doing anything network related?

Having NetBarrier send e-mails every time it detects an intrusion attempt is overkill, IMO.

If you turn on the built in firewall in OS X (ipfw) you are already good to go, so as long as you only open the ports that are absolutely necessary. Besides, Windows machines can't really attack you.
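
A check that puts the alerts from the first post next to the advice above about opening only the necessary ports, as an added example that is not part of any poster's reply: it parses the alert fields and a constructed sample of `netstat -an -p tcp` output, then reports whether each probed port has a listener bound beyond loopback. The service-name-to-port mapping and the function names are assumptions.

```python
# ALERTS: fields as shown in the first post. NETSTAT: constructed `netstat -an -p tcp` sample.
ALERTS = """\
Remote address: 219.72.238.135
Comments: Scan Port TCP port 1025
Remote address: 62.173.160.47
Comments: Scan Port TCP nameserver
Remote address: 222.240.249.203
Comments: Scan Port TCP Microsoft SQL Server
"""
NETSTAT = """\
tcp4  0  0  127.0.0.1.631      *.*              LISTEN
tcp4  0  0  *.1025             *.*              LISTEN
tcp4  0  0  192.168.1.5.49201  203.0.113.10.80  ESTABLISHED
"""
# Assumption: the service names in the alerts map to these IANA TCP ports.
SERVICE_PORTS = {"nameserver": 42, "microsoft sql server": 1433}
LOOPBACK = {"127.0.0.1", "::1"}

def parse_alerts(text):
    """Return [(remote_ip, tcp_port)] from Remote address / Comments pairs."""
    probes, remote = [], None
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key.endswith("Remote address"):   # tolerates the "2)" numbering prefix
            remote = value
        elif key == "Comments" and remote:
            target = value.split("TCP", 1)[-1].strip()
            port = int(target[5:]) if target[:5] == "port " else SERVICE_PORTS.get(target.lower())
            probes.append((remote, port))
    return probes

def listeners(netstat_text):
    """Return {port: {bind addresses}} for TCP sockets in LISTEN state."""
    found = {}
    for cols in map(str.split, netstat_text.splitlines()):
        if len(cols) >= 6 and cols[0].startswith("tcp") and cols[5] == "LISTEN":
            addr, _, port = cols[3].rpartition(".")   # BSD form: address.port
            found.setdefault(int(port), set()).add(addr)
    return found

def triage(alerts, netstat_text):
    """Label each probe by whether a non-loopback listener exists on its port."""
    listening, report = listeners(netstat_text), []
    for remote, port in parse_alerts(alerts):
        binds = listening.get(port, set())
        status = "exposed" if binds - LOOPBACK else "loopback-only" if binds else "no listener"
        report.append((remote, port, status))
    return report

print(triage(ALERTS, NETSTAT))
```

"exposed" here only means a service is bound to a non-loopback address on that port; whether a remote host can reach it still depends on the firewall rules in front of it.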
     
Dedicated MacNNer
Join Date: Aug 2000
Location: Rep. of Ireland
Dec 17, 2005, 05:24 AM
 
Thanks for the quick reply. I appreciate that. Why would that just start today as a matter of interest? What do the Windows "zombies" do when they find a Windows machine that has the ports open? Is that the same as when a new PC connects to the internet with no antivirus and firewall on? Boom boom.... spam bot?!
Thanks again!
     
Grizzled Veteran
Join Date: Apr 2004
Location: Nagoya, Japan • 日本 名古屋市
Dec 17, 2005, 09:20 AM
 
Originally Posted by finknottle
What do the Windows "zombies" do when they find a Windows machine that has the ports open? Is that the same as when a new PC connects to the internet with no antivirus and firewall on? Boom boom.... spam bot?!
Thanks again!
You bet, that's why most fresh Windows installations get hacked even before the security updates can be installed.

Additionally, since many or most Windows machines have numerous trojans installed, hackers will scan the ports they open for access to your machine. It happened to me a few times back when I used Winblows. Heck, two hackers once had a conversation on my girlfriend's computer via text files in C:/.
     
Professional Poster
Join Date: Jan 2003
Dec 17, 2005, 09:27 AM
 
This belongs in the networking forum, I say, what?

"Ask Jeeves" is what I always say!
(askjeeves.com or more simply, ask.com): stuff about establishing a "realistic threshold" approach to threat management, closing unnecessary ports, and having secure passwords if you must have services open:

http://netsecurity.about.com/cs/hack...a/aa121303.htm

along with a good explanation of port scanning exploits:

http://netsecurity.about.com/gi/dyna...p%3Fsid%3D4234

and finally a diagnostic scan of your security from dslreports.com:

http://www.dslreports.com/scan

When I ran that on my Mac, here's what I got:

"Conclusion: Healthy Setup! We could detect no interesting responses from any of the commonly probed TCP and UDP ports. It would be difficult for an attacker to know where to start without further information."

I daresay this wouldn't be what I got if I had a Windows machine on the broadband connection? Anyway, you can be sure that this didn't just start recently but that your software finally figured out how to squirt a notification off to you. Port scanning has been happening for a long time, but more sophisticated crime groups are behind a lot of it nowadays. It's always interesting to use a "whois" server to see where the attacks are originating (eastern Europe, China, Italy, etc.)

Lots of nasty things happen to Windows PCs...
     
Mac Elite
Join Date: May 2001
Location: Vancouver
Dec 17, 2005, 11:25 AM
 
A good reason to park your computer(s) behind a simple hardware firewall; offload all those processes to something other than your Mac...
Macbook (Black) C2D/250GB/3GB | G5/1.6 250GBx2/2.0GB
     
voo
Forum Regular
Join Date: Jan 2004
Location: Way up there!
Dec 17, 2005, 11:59 AM
 
Originally Posted by amazing
I daresay this wouldn't be what I got if I had a Windows machine on the broadband connection?

Lots of nasty things happen to Windows PCs...
I just wanted to see what it would say for me on Windows... in fact both, since it's all behind a router.

(Conclusion: Alert - We did get at least some information from scanning your IP. Please review the information below, especially any OPEN TCP PORTS listed, to ensure that the state of your public setup matches your intentions.
TCP ALL FILTERED No response packet was received.
UDP ALL CLOSED We received a response packet that no service is available. )
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Dec 17, 2005, 06:18 PM
 
Originally Posted by CaptainHaddock
You bet, that's why most fresh Windows installations get hacked even before the security updates can be installed.

Additionally, since many or most Windows machines have numerous trojans installed, hackers will scan the ports they open for access to your machine. It happened to me a few times back when I used Winblows. Heck, two hackers once had a conversation on my girlfriend's computer via text files in C:/.
You overstate the extent of infiltration of Windows computers. Nevertheless, it is a major problem that Win users need to deal with, one way or the other. The smart thing to do is to run behind a NAT firewall at the very least, and to turn on whatever software firewall you have available. Doing this before connecting a Windows box to the Internet makes it much harder for the baddies to get the box. Further, the majority of Windows "security threats" are covered both by OS fixes and antivirus updates, so as long as you have a good AV package running, you're unlikely to get caught while downloading and installing security patches.

Still, a very smart lady my wife works with has a buggered up Windows laptop. She was talking with my wife about how slow it is, and how many popups she gets all the time, and my wife asked her when was the last time she'd updated her AV. "Update?" was the answer. Instead of coming out of the box set to update itself frequently, her software wasn't set to update itself at all... As I said, this is a smart person, but computers "ain't her bag, baby," so she didn't know the questions to ask to protect herself. I may be fixing some gooberage for her in the near future, and I'll show her how to protect herself. Would that all users got that sort of mentoring BEFORE they got messed with.

Sorry for the detour, but as I'm responsible for a number of Windows machines (that have NEVER been compromised) I thought I should shine some sunlight into a bleak sounding thread. Port scanning IS. Use a good hardware and software combination between you and the big, bad Internet, and you don't have to worry about it, even on a Windows machine.
Glenn -----
OTR/L, MOT, Tx
     
Dedicated MacNNer
Join Date: Aug 2000
Location: Rep. of Ireland
Dec 17, 2005, 06:50 PM
 
Thanks for your replies guys. Going on the last post, I need a hardware firewall of some sort. I do use BitTorrent so Apple Airports are out of the question due to NAT errors and the inability to poke a 'hole' through them (even when you open the port in the firewall prefs.)
What advice have you? Which is a good wireless one that a 'duffer' like me could use??... one that is easy to configure?
Thanks again for putting my mind at rest!! It is weird that I seem to be just getting attacked in the last two days or that the Intego software has only now started notifying me even though I haven't changed any settings!!
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Dec 17, 2005, 08:28 PM
 
Almost any third party wired (or even wireless) router should let you open and/or forward ports fairly easily. Since just about everything now uses a browser interface, all you should have to do is key in the IP of the new device and follow the manual's instructions for entering all the settings you need. DO NOT believe that any router of any kind is not Mac compatible; you may not get a CD that does all this simple setting stuff for you, but that's all that may be non Mac compatible.
Glenn -----
OTR/L, MOT, Tx
     
All times are GMT -5.